lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 7 May 2004 06:33:43 +0100
From: "Matt" <matt_will_fix_it@...mail.com>
To: <bugtraq@...urityfocus.com>
Subject: Security issue with Trend OfficeScan Corporate Edition


Product:              Trend OfficeScan
Product Description:  Trend OfficeScan is a Corporate Antivirus product from
Trend Microsystems
Vendor URL:           http://www.antivirus.com
Versions affected:    3.0 - 6.0 (5.58 is latest version, not fixed until
version 6.5)
Vendor notified:      12th October 2003
Vendor response:      Patch supplied - see details

Details:

The default installation of Trend OfficeScan allows a non admin user to
disable the service, stopping the Antivirus software from working due to
weak permissions. The default permissions on a Trend OfficeScan installation
are:

OfficeScan installation directory (c:\officescan client): "Everyone:Full
Control"
OfficeScan registry data
(HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp) "Everyone:Full
Control".

A user (or virus) simply needs to remove files or modify registry keys in
the locations above to cause the antivirus software to stop working.
Additionally, all OfficeScan options are configurable via the registry, e.g.
scan exclusion directories and file extensions to scan (or not scan) can be
configured. It is ironic that a product designed to increase the security of
corporate desktop computers has such weak security itself.

A patch has been developed which tightens security on the registry keys,
however stops certain client functions working (e.g. removes the ability for
the user to see which pattern file is installed, removes the ability to run
a manual scan on the PC). No patch has been supplied to tighten security on
the Trend installation directory. The registry patch is called
"OSCE_Hotfix_RegistryTool.zip" and is available by contacting your Trend
reseller.

Beinning with Trend OfficeScan 6.5 there will be an option to tighten
security, however the default configuration will be to give Everyone:Full
Control on file system and registry keys.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ